add column grant to mysql_grant

author: Micah Anderson <micah@riseup.net> 2011-12-30 12:37:44 -0500
committer: Micah Anderson <micah@riseup.net> 2011-12-30 12:39:27 -0500
commit: ae6dab7c25492f73aaeb354179db832f451b1c2f (patch)
tree: 84cc9938cfa19c4e1785d50177c85cdddadcf6e6 /lib
parent: 1faf0b322ff0a2117a96fca1b4589e619aad446f (diff)
2 files changed, 38 insertions, 2 deletions
diff --git a/lib/puppet/provider/mysql_grant/mysql.rb b/lib/puppet/provider/mysql_grant/mysql.rb
index 93c5e34..b782f12 100644
--- a/lib/puppet/provider/mysql_grant/mysql.rb
+++ b/lib/puppet/provider/mysql_grant/mysql.rb
@@ -26,6 +26,8 @@ MYSQL_TABLE_PRIVS = [ :select_priv, :insert_priv, :update_priv, :delete_priv,
                       :trigger_priv
 ]
 
+MYSQL_COLUMN_PRIVS = [ :select_priv, :insert_priv, :update_priv, :references_priv ]
+
 Puppet::Type.type(:mysql_grant).provide(:mysql) do
 
   desc "Uses mysql as database."
@@ -39,7 +41,7 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
 
   # this parses the
   def split_name(string)
-    matches = /^([^@]*)@([^\/]*)(\/(.*))?(\/(.*))?$/.match(string).captures.compact
+    matches = /^([^@]*)@([^\/]*)(\/(.*))?(\/(.*))?(\/(.*))?$/.match(string).captures.compact
     case matches.length 
       when 2
         {
@@ -62,6 +64,15 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
           :db => matches[3],
           :table => matches[5]
         }
+      when 8
+        {
+          :type => :table,
+          :user => matches[0],
+          :host => matches[1],
+          :db => matches[3],
+          :table => matches[5],
+          :column => matches[7]
+        }
     end
   end
 
@@ -81,6 +92,10 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
         mysql "mysql", "-e", "INSERT INTO tables_priv (host, user, db, table) VALUES ('%s', '%s', '%s', '%s')" % [
           name[:host], name[:user], name[:db], name[:table],
         ]
+      when :column
+        mysql "mysql", "-e", "INSERT INTO columns_priv (host, user, db, table, column_name) VALUES ('%s', '%s', '%s', '%s', '%s')" % [
+          name[:host], name[:user], name[:db], name[:table], name[:column],
+        ]
       end
       mysql_flush
     end
@@ -99,6 +114,9 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
     if name[:type] == :table
       fields << :table
     end
+    if name[:type] == :column
+      fields << :column
+    end
     not mysql( "mysql", "-NBe", 'SELECT "1" FROM %s WHERE %s' % [ name[:type], fields.map do |f| "%s = '%s'" % [f, name[f]] end.join(' AND ')]).empty?
   end
 
@@ -110,6 +128,8 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
         MYSQL_DB_PRIVS
       when :table
         MYSQL_TABLE_PRIVS
+      when :column
+        MYSQL_COLUMN_PRIVS
     end
     all_privs = all_privs.collect do |p| p.to_s end.sort.join("|")
     privs = privileges.collect do |p| p.to_s end.sort.join("|")
@@ -128,6 +148,8 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
       privs = mysql "mysql", "-Be", 'select * from db where user="%s" and host="%s" and db="%s"' % [ name[:user], name[:host], name[:db] ]
     when :table
       privs = mysql "mysql", "-Be", 'select * from tables_priv where User="%s" and Host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ]
+    when :column
+      privs = mysql "mysql", "-Be", 'select * from columns_priv where User="%s" and Host="%s" and Db="%s" and Table_name="%s" and Column_name="%s"' % [ name[:user], name[:host], name[:db], name[:table], name[:column] ]
     end
 
     if privs.match(/^$/) 
@@ -165,7 +187,11 @@ Puppet::Type.type(:mysql_grant).provide(:mysql) do
     when :table
       stmt = 'update table_priv set '
       where = ' where user="%s" and host="%s" and Db="%s"' % [ name[:user], name[:host], name[:db] ]
-      all_privs = MYSQL_DB_PRIVS
+      all_privs = MYSQL_DB_PRIVS    
+    when :column
+      stmt = 'update columns_priv set '
+      where = ' where user="%s" and host="%s" and Db="%s" and Table="%s"' % [ name[:user], name[:host], name[:db], name[:table] ]
+      all_privs = MYSQL_DB_PRIVS    
     end
 
     if privs[0] == :all 
diff --git a/lib/puppet/type/mysql_grant.rb b/lib/puppet/type/mysql_grant.rb
index 6bc7533..c6311e5 100644
--- a/lib/puppet/type/mysql_grant.rb
+++ b/lib/puppet/type/mysql_grant.rb
@@ -5,6 +5,16 @@ Puppet::Type.newtype(:mysql_grant) do
   #ensurable
   autorequire(:service) { 'mysqld' }
 
+  autorequire :mysql_table do
+    reqs = []
+    matches = self[:name].match(/^([^@]*)@([^\/]*)\/(.+)\/(.+)$/)
+    unless matches.nil?
+      reqs << matches[4]
+    end
+    # puts "Autoreq: '%s'" % reqs.join(" ")
+    reqs
+  end
+
   autorequire :mysql_db do
     # puts "Starting db autoreq for %s" % self[:name]
     reqs = []
author	Micah Anderson <micah@riseup.net>	2011-12-30 12:37:44 -0500
committer	Micah Anderson <micah@riseup.net>	2011-12-30 12:39:27 -0500
commit	ae6dab7c25492f73aaeb354179db832f451b1c2f (patch)
tree	84cc9938cfa19c4e1785d50177c85cdddadcf6e6 /lib
parent	1faf0b322ff0a2117a96fca1b4589e619aad446f (diff)